Hub OAuth2 provider: deny authorization to service

I added a new service (Service A) and successfully logged in through an external OAuth client.

I want to implement the following scenario: Administrator Bob gives authorization rights (via hub) to "Service A" for user Charlie. After a while, Charlie is transferred to another division and no longer needs access to "Service A". Administrator Bob disables the ability to log in to" Service A " for Charlie.

How can I implement the above scenario using Hub? The use of scopes comes to mind, but I have not been able to figure out how they are configured in the Hub.




Speaking about services, if your service consumes a license, you can revoke a license from Charlie. Will it work? 
If it doesn't please describe your scenario in more details. 


Hi, our service does not have licenses. Service - an external site that wants to use the Hub as an authorization server (OAUTH). Now there are 20 users in the Hub. How do I make sure that 10 of them can log in to an external site, but 10 can't?



I'm afraid it can't be done out-of-the-box. However, you can do some programming to issue HTTP requests from your service to Hub when a user is trying to log in and check if, for example, this user belongs to some specific group which is allowed to use the service. If yes, then proceed with the login, if not - deny it. 

Hope it helps. 


Hi, this is very strange. This is what we do with self-written services: we send an additional HTTP request to check whether a user is in the group. But there are problems with vendors, such as Gitlab: (

Tell Me, do you plan to improve this functionality?



I'm afraid we don't have any exact plans on changing that in the nearest future, unfortunately. Please let me know if I can help you further. 


Please sign in to leave a comment.